CVE-2026-4282
Authorization Code Forgery in Keycloak SingleUseObjectProvider Enables Privilege Escalation
Publication date: 2026-04-02
Last updated on: 2026-04-16
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | build_of_keycloak | * |
| redhat | build_of_keycloak | 26.2 |
| redhat | build_of_keycloak | 26.2.15 |
| redhat | build_of_keycloak | 26.4 |
| redhat | build_of_keycloak | 26.4.11 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-653 | The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4282 is a high-severity vulnerability in Keycloak caused by a flaw in the SingleUseObjectProvider component, which acts as a global key-value store without proper type or namespace isolation.
This flaw allows an unauthenticated attacker to forge authorization codes.
By exploiting these forged codes, the attacker can create access tokens with administrative privileges, leading to privilege escalation within the system.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in Keycloak's SingleUseObjectProvider allows unauthenticated attackers to forge authorization codes and escalate privileges. Immediate mitigation steps include applying any available security patches or updates provided by Keycloak or your Linux distribution vendor.
Since the vulnerability affects all Linux environments running Keycloak and no specific version is mentioned, it is critical to monitor official Keycloak and Red Hat advisories for patches or workarounds.
Additionally, consider restricting network access to Keycloak instances, enforcing strict access controls, and monitoring for suspicious authorization code usage to reduce the risk of exploitation.
How can this vulnerability impact me?
The vulnerability can allow an unauthenticated attacker to escalate their privileges by forging authorization codes and generating admin-capable access tokens.
This means an attacker could gain administrative access to your Keycloak environment, potentially compromising the security and integrity of your system.